2024-0313 Security System Accreditation Support (NS) NETHERLANDS - 22 Aug

Please do  NOT  apply for any NATO contract positions unless you meet ALL the following criteria:

Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.

Background:

• The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
• The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC's role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services.

Objectives:
The main objective of the statement of work is to support the NATO Cyber Security Centre (NCSC) with technical expertise specifically related to security accreditation and risk mitigation of a few large NATO Communication and Information Systems (CIS) in order to successfully execute the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and security accreditation within NATO or equivalent, with a deliverable based (completion-type) contract to be executed in 2025.
 
Scope of Work:
This document outlines the services to be provided by the Contractor's Personnel to NCIA Cyber Security Transform Branch and specifies the required skillset and experience in order to achieve the above objective.
 
Under the direction/guidance of NCIA or delegated staff, and in cooperation with NATO Infrastructure Services Centre (NISC) and the Accreditation Support Office (ASO), the contractor is tasked to develop a set of documentation for security accreditation of:

• NATO General Communication System (NGCS) and its subsystems,
• NATO-Wide Studio Video Teleconferencing (NWSVTC) and
• NATO Secure Voice Services (NSVoS).

The main purpose of requested accreditation document set (ADS) will be documentation of compliance with relevant NATO security directives.
The service-based contractor will focus on providing the standard ADS, consisting of:

• CIS description;
• Security Accreditation Plan (SAP);
• Security Risk Assessment (SRA);
• System-specific Security Requirement Statement (SSRS);
• Security Operating Procedures (SecOPs);
• Security Test and Verification Plan (STVP).

The ADS will be subject to approval by NATO Security Accreditation Authorities (SAAs) (this approval is not in scope of the incumbent's activities).
This work will include the following activities:
Input to all the documents - the contractor will perform the following functions in order to prepare and produce the required deliverables:

• Gain familiarity with the relevant NATO security directives as indicated by the NCSC PoC. There will be two directives specifically, 170 pages in total.
• Gain familiarity with previous versions of description of NATO General Communication System (NGCS), NATO Wide Studio VideoTeleConferencing (NWSVTC) and NATO Secure Voice Services (NSVoS) (7 documents, ca 250 pages in total)
• Gain familiarity with provided examples of Security Requirement Statements and Security Test and Verification Plans; see example of sample template (unpopulated) in Enclosure 2; and
• Engage with NCSC ASO, NISC and NDWC SMEs (through a variety of workshops or meetings) to ensure that implementation of requirements from relevant NATO security directives by NGCS, NWSVTC and NSVoS are adequately addressed in requested ADS (SRA, SSRSs, SecOPs and STVPs).

Coordination and Reporting:

• The Contractor shall deliver services in The Hague / The Netherlands.
• The highest level of classification that contractor may need to access is NATO SECRET (NS). As a result of this contractor must hold a valid NATO SECRET Security Clearance.
• The contractor shall report to the NCIA Project Manager or designated Point of Contact (POC) assigned by the NCIA Cyber Security Service Line
• The Contractor shall participate in monthly status update meetings and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to service delivery manager's instructions.
• For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective
• meeting and then in writing, within five (5) working days after the sprint's end date.
• A report in the format of a short email shall be sent to NCIA POC briefly mentioning the work held and the achievements during the sprint.

Practical Arrangements:
The contractor will be required to provide services in a hybrid way, both on-site at NCIA The Hague and remotely, averagely estimated 50%-50% as part of this engagement.
The NCSC Team is located in The Hague / The Netherlands, with working hours will from 08:30 to 17:30 with 1 hour for lunch from Monday to Thursday. On Friday working hours will be from 08:30 to 15:30 with 1 hour for lunch.
The contractor will be required to provide services following the rules and regulations applicable for the operations of NATO CIS.
The Purchaser will provide the Contractor with the following Purchaser-Furnished Equipment (PFE):

• Access to NATO sites, as required, for the purpose of executing this SOW.
• Workspace (needed business IT for both on- and off-site work, hot-desk at NCSC facility).
• NCIA "REACH" laptop to be used by the contractor for the execution of the contract.

Requirements:
Qualification:
ervices under current SOW are to be delivered by ONE resource that must have demonstrated skills, knowledge and experience as listed below:

• It is mandatory for the Contractor to be in possession of a NATO SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.
• Language Proficiency: English

Past Performance and Qualifications:
Required skillset of the proposed contractor is extensive knowledge and experience (more than 5 years) in the following areas:

• General, wide breadth knowledge of cyber security principles, best practices, concepts and technology;
• Solid knowledge of cyber security, including boundary protection, encryption, identity and access management, monitoring and detection, incidence response, vulnerability assessments, and risk management;
• Familiarity with system accreditation and deployment of CIS;
• Knowledge and experience in testing and validating that contracted deliveries meet the security requirements and fulfil the intended use-cases;
• Familiarity with NATO security policy and supporting directives is desirable
• Familiarity with PILAR (tool for security risk assessment) is desirable;
• Familiarity with NGCS and its subsystems is desirable,
• Familiarity with NWSVTC and NSVoS is desirable;
• Ability to work independently and in teams to achieve the desired goals.
• The ability to take ownership of tasks and strong motivation to accomplish them to the end.
• Excellent communications and writing skills in English.
• Responsible for complying will all applicable local employment laws, in addition to following all NCIA on boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.